Security Bulletin

Analysis of security, technology, and attempts to filter random noise

Tom Espiner

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found that journalism was for him, and after a period of freelancing, landed a job as security reporter for ZDNet UK. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Latest Posts

Data watchdog the Information Commissioner's Office is to begin aggregating complaints about private sector organisations in an effort to bring more fines against companies for breaches of UK data law. The ICO has imposed 14 civil monetary penalties against organisations since November 2010, with 12 being against public sector organisations, and one against a public sector service provider.

A hacker managed to get into a GlobalSign server and compromise the company's digital certificate due to a piece of unpatched open source software on the server, according to a C-Level member of GlobalSign staff. The code had not been updated as it was not included on lists of proprietary software to be patched, the senior GlobalSign staff member told ZDNet UK on Wednesday.

A new online tool aims to draw attention to websites with insecure implementations of SSL, the encryption protocol that is widely used for online authentication. The 'Pulse' tool, part of the Trustworthy Internet Movement (TIM), allows the public to type in web addresses to find out whether the organisation has good SSL security.

More than one in 10 secondhand hard drives sold online may contain recoverable personal information, making people a 'soft touch for online fraudsters', an investigation by the Information Commissioner's Office has found. Organisations and individuals may be disposing of hard drives without fully wiping data, due to a lack of technical knowledge, the data watchdog said in a report on Wednesday.

UK information security incidents are at an all-time high, and are costing UK businesses billions per year, according to auditing house PricewaterhouseCoopers. Hacks, attacks, and insider data mistakes cost the UK between £5bn and £10bn last year, according to PwC One Security partner Chris Potter — who added the proviso that the figure needed to be taken with a pinch of salt due to difficulties in quantifying that kind of loss.

Threats to European information security cannot be dealt with by military or other traditional security methods alone, according to digital agenda commissioner Neelie Kroes. Kroes called for a co-ordinated response between the public and private sectors, echoing previous calls made by the European Commission, the UK and the US governments, in a video speech to the Infosecurity Conference 2012 in London on Tuesday.

Organisations including the Iranian Ministry of Petroleum and the National Iranian Oil Company were the target of a computer worm attack on Sunday, according to the Mehr news agency. "The cyberattack disrupted internet access at the aforementioned organisations and companies, and the relevant officials are investigating the issue," a Mehr article said on Monday.

US company CSC is to cut 640 UK jobs relating to its 'unworkable' Lorenzo NHS IT contract, taking the total of announced job cuts to over 1,100 since February, according to the Unite trade union. The majority of cuts will affect CSC employees in Chesterfield, Chorley, Leeds and Solihull, Unite said in a statement on Monday.

The European Parliament has approved a controversial deal to share airline passengers' personal data with US authorities, replacing a potentially illegal agreement that has been in force since 2007. The European Union has approved a pact on the exchange of air passenger data with the US.

Open standards in procurement, less restrictive copyright regimes, and net neutrality can all play a part in freeing internet users from potential 'digital handcuffs', according to European Commission digital agenda chief Neelie Kroes. Kroes reiterated a number of strands of European Commission thought on the 'open internet' at the W3C Conference in Lyon on Thursday.

GCHQ has released two mathematical papers written by cryptographer Alan Turing after keeping the works secret for over half a century.

Microsoft has announced a partial list of features of Windows 8 Enterprise, with the majority already available in previous operating systems. One new feature in a list published by Microsoft on Wednesday was 'Windows To Go', a Windows 8 desktop which can be loaded onto a USB stick, aimed at businesses keen to let employees bring their own devices to work (BYOD).